Would you enjoy to be responsible for executing ERP security assurance control as gatekeeper of internal controls for ERP security in SAP and Navision, proposing compliant solutions for project activities, change requests and for adhoc operational initiatives, ensure good documentation practices, expert of the Access Risk Framework process?
If yes, then your place is here with US as a Cyber Security Assurance Analyst based in our brand new MOL Campus in Budapest (11th district)
Responsibilities:
Project and change request assurance:
o Review and evaluate project proposals and tender material in relation to information security requirements.
o Supervise ERP-related change requests and provide guidance during the course of the engagements during all phases (planning, requirements definition, design, implementation and security acceptance testing, go-live).
o Embed detailed security requirements based on company security standards into all projects and change requests where there is information security relevance.
o Plan and undertake security acceptance tests, audits, execute thorough technical & process assessments on ERP systems and business applications.
Issue register and follow-up:
o Prepare detailed documentation on all security issues identified, provide accurate reports to project teams and management on ERP security matters.
o Track status of all security issues identified during security assurance activities and drive remediation efforts.
Access risk framework expertize:
o Act as expert for the Access Risk Management process initially for SAP later also for Navision.
o Evaluate projects and change requests for relevancy and coordinate update actions when required.
o Maintain updates in GRC system.
o Document changes and trigger periodic review actions for MOL and Slovnaft systems.
Collaborations – Work closely with:
o ERP cyber security architect on strategy and periodic alignments and major projects or updates,
o SAP Security Operations and Development teams,
o Various teams to ensure security controls and procedures are understood and successfully implemented and actively monitored.
ERP Internal Controls housekeeping:
o Ensure the operations of custom monitoring scenarios, sustain and enhance controls.
o Ensure that the existing monitoring scenarios (e.g. RSA) is up and running, reliable and enhance scope as relevant.
o Assess new ERP threats and security alerts, recommend remedial actions through the whole lifecycle of enterprise services.
o Be involved in security note related activities.
o Provide ideas or feedback to architecutre on potential ideas to improve SAP internal controls.
o Follow good documentation practices.
o Execute periodic compliance checks of scoped systems.
o Adhoc operational compliance support.
Requirements:
• University/College degree in Computer Science, Engineering or related field
• 3+ years of progressive experience in the information security industry
• Understanding of ERP security principles, practices and standards and how they translate into real world technical solutions
• Ability to communicate complex technology concepts both at high level as well as on technical level
• Experience in ERP security covering information security assessment (technical or process), auditing, implementation of SoD or GRC is strongly desired
• Thorough understanding of ERP (SAP & Navision) security principles and best practices
• Experience in working in a multinational environment
• Skills to perform complex work for the ERP security / Governance, Risk and Compliance (GRC) area and general knowledge of other information security areas
• Certifications considered as advantage: SAP Certified Technology Associate – SAP Authorization and Auditing for NetWeaver 7.31 or C_GRCAC_10
• SAP Certified Application Associate – SAP BusinessObjects Access Control 10.0
• Fluent English knowledge
What we offer:
• Unique opportunity to build your knowledge in MOL Group
• Opportunities to learn from an experienced team
• Career opportunities within MOL
• Home office possibilities – 2-3 HO/week
• A working location close to InfoPark with remote working option
• A competitive salary package includes also fringe benefits and annual bonus
• Free health cover program
• Participation at company organised events